Commit Graph

905 Commits

Author SHA1 Message Date
Jonas Nick 2277af5ff0 Fix integer overflow in ecmult_multi_var when n is large 2019-02-25 16:13:17 +00:00
Gregory Maxwell 85d0e1bcce
Merge #591: Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
b76e45d Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing. (Gregory Maxwell)

Pull request description:

  Bench_internal was previously incorrect but wasn't detected by -DVERIFY until PR #551.

Tree-SHA512: 5ecb9e3ba63ddf28cde4012154dbb1dda9b7178016d970dba58a4af20c31aa1ec3458ba2623541233fb16fceff7b3053054d6eee0229d0bfb6281d1a10554e9f
2019-02-24 19:20:54 +00:00
Gregory Maxwell 14196379ec
Merge #580: Add trivial ecmult_multi algorithm which does not require a scratch space
a697d82 Add trivial ecmult_multi to the benchmark tool (Jonas Nick)
bade617 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. (Jonas Nick)

Pull request description:

  This commit adds a new ecmult_multi algorithm that is automatically selected when `ecmult_multi_var` is called with scratch space set to `NULL`. This is a trivial algorithm that simply multiplies the points with the corresponding scalars and adds them up.

  The use case is to allow creating exposed function that uses `ecmult_multi` but without requiring a scratch space argument. For example, in MuSig when computing the combined public key we need to compute a weighted sum of points but we most likely don't care about the performance. And if we do we can still provide a scratch space. Having the option of not providing a scratch space is useful because creating a scratch space is not entirely trivial. One needs to decide on a size and it needs to be destroyed.

Tree-SHA512: 2de20feeff00902ca0936ec1f8d81cf7a95d0917f80e76e9eacbd739c8c2e248fbdaeb468a0aeaf715ec251c2c79b5e271ff4d77456218d02332e26e003d796e
2019-02-24 03:06:54 +00:00
Jonas Nick a697d82da9 Add trivial ecmult_multi to the benchmark tool 2019-02-23 20:30:31 +00:00
Jonas Nick bade617417 Add trivial ecmult_multi algorithm. It is selected when no scratch space is given and just multiplies and adds the points. 2019-02-23 20:24:28 +00:00
Gregory Maxwell 5545e13dea
Merge #584: configure: Use CFLAGS_FOR_BUILD when checking native compiler
a34bcaa Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker (Tim Ruffing)
2d5f4ce configure: Use CFLAGS_FOR_BUILD when checking native compiler (Tim Ruffing)

Pull request description:

  This fixes a bug where configure would fail or disable static
  ecmult tables because it wrongly checks the native compiler using
  the target CFLAGS (instead of the native CFLAGS_FOR_BUILD).

  Moreover, this commit adds tests to figure out whether the native
  compiler supports the warning flags passed during the build, and it
  contains a few minor improvements to the code that checks the native
  compiler.

Tree-SHA512: 31a92a5516cf2f9801c918edfba0059aa4f8549b0c1de94fc166b5e92ad1868a480c48cdc5ff62679ba20e26f4a0e2948c71fd2b3e80766673d2bf7512da3875
2019-02-22 01:29:02 +00:00
Gregory Maxwell 20c5869df2
Merge #516: improvements to random seed in src/tests.c
be40c4d Fixup for C90 mixed declarations. (Gregory Maxwell)
8b3841c fix bug in fread() failure check (Don Viszneki)
cddef0c tests: add warning message when /dev/urandom fails (Don Viszneki)

Pull request description:

  I've made two small changes to `src/tests.c` circa random seed generation.

  Added a warning when `/dev/urandom` fails, mostly to defend against the case that someone should use the code verbatim, but also to enhance its illustrative power.

  Also I fixed a bug with how the return value of `fread()` was being evaluated. In fact, `/dev/urandom` was never being applied before as the check on the return value of `fread()` always failed!

Tree-SHA512: 239dbe8316220c2f0e5b370bf9a18f78196e96cc4a7edea58cf2521b2c9cbc8da065be96aa859f90324d57e388d30f7670ce6bc1cca52e5162e5ca66b1a55b34
2019-02-21 11:46:13 +00:00
Gregory Maxwell b76e45d5d6 Make bench_internal obey secp256k1_fe_sqrt's contract wrt aliasing.
Bench_internal was previously incorrect but wasn't detected by
 -DVERIFY until PR #551.
2019-02-21 05:58:33 +00:00
Gregory Maxwell 870a977644
Merge #562: Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
d3cb1f9 Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse (Ben Woosley)

Pull request description:

  This results in more self-documenting code.

  Constants defined here:
  1e6f1f5ad5/include/secp256k1.h (L175-L180)

Tree-SHA512: 2026103c487a5ebdea9a2f5ec2be96d74e38d5b2269b4df11e354bb54aba2925b47c3185f530205019840b00fc3501121acfa5234faf1d095d71777826414f69
2019-02-21 05:35:10 +00:00
Gregory Maxwell be40c4d0b5 Fixup for C90 mixed declarations.
Reported-by: Jonas Nick <jonasd.nick@gmail.com>
2019-02-21 05:00:29 +00:00
Gregory Maxwell c71dd2c08f
Merge #509: Fix algorithm selection in bench_ecmult
0f05173 Fix algorithm selection in bench_ecmult (Jonas Nick)

Pull request description:

  Without this commit using an unknown argument results in a segmentation fault.

Tree-SHA512: 85b8f977e62fa360ff6dc923bd86f08725c30e178d58f43d33cbd8eb69e54fa4ec76e4407624611a80554cf9961689bce6b216da735ac95b256d0d2f60fe3328
2019-02-21 04:47:12 +00:00
Gregory Maxwell 6492bf88cc
Merge #518: Summarize build options after running configure
3965027 Summarize build options in configure script (Evan Klitzke)

Pull request description:

  This is a trivial build system change to summarize the build options after running configure.

  Example output:
  ```
  $ ./configure
  ....
  <many lines omitted>
  ...
  config.status: src/libsecp256k1-config.h is unchanged
  config.status: executing depfiles commands
  config.status: executing libtool commands

  Build Options:
    with endomorphism   = no
    with ecmult precomp = yes
    with jni            = no
    module ecdh         = no
    module recovery     = no

    asm                 = x86_64
    bignum              = gmp
    field               = 64bit
    scalar              = 64bit

    CC                  = gcc
    CFLAGS              = -g -O2 -W -std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings -fvisibility=hidden -O3
    CPPFLAGS            =
    LDFLAGS             =
  ```

  I tried to just include the configure options that looked interesting; let me know if there are any I didn't include that I should have.

Tree-SHA512: 428381654d772f76bc81210d39ba5c3f07a94dc6a6378a02ccc6f23ebce7f501896268bcd2e94e2b0d8aea54c9c70c44a9238a0f0960600f463b1e2847c7ed1f
2019-02-21 04:44:01 +00:00
Gregory Maxwell 0e9ada1941
Merge #567: Correct order of libs returned on pkg-config --libs --static libsecp2…
89a20a8 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. (Phillip Mienk)

Pull request description:

  …56k1 call.

Tree-SHA512: 095f5e71837e63a2bb6e9cf04cabe7f1ec55cf0fc32b44c80a89c232efb7d74bf0f148a8cd29f9fa2999f02bbc638d9a086ffd50888aab6f9fd5db74e37ae4d4
2019-02-21 04:36:40 +00:00
Gregory Maxwell e96901a4b9
Merge #587: Make randomization of a non-signing context a noop
6198375 Make randomization of a non-signing context a noop (Tim Ruffing)

Pull request description:

  Before this commit secp256k1_context_randomize called illegal_callback
  when called on a context not initialized for signing. This is not
  documented. Moreover, it is not desirable because non-signing contexts
  may use randomization in the future.

  This commit makes secp256k1_context_randomize a noop in this case. This
  is safe because the context cannot be used for signing anyway.

  This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82.

Tree-SHA512: 34ddfeb004d9da8f4a77c739fa2110544c28939378e779226da52f410a0e36b3aacb3ebd2e3f3918832a9027684c161789cfdc27a133f2f0e0f1c47e8363029c
2019-02-21 04:33:59 +00:00
Gregory Maxwell 58df8d03ad
Merge #511: Portability fix for the configure scripts generated
270f6c8 Portability fix for the configure scripts generated (Pierre Pronchery)

Pull request description:

  Found thanks to the developer checks from the pkgsrc software
  distribution (for NetBSD, SmartOS, Minix, MacOS X, Linux, and more).

Tree-SHA512: 2589545aa4d0620db66e79df1dc148a487384b5169ba7323937490d802973388859d30d45b35ee3e614be6d49cb694f37f585a16caa87ad1e500a0b7368dcc0a
2019-02-21 04:28:20 +00:00
Gregory Maxwell 2ebdad772a
Merge #552: Make constants static:
496c5b4 Make constants static: static const secp256k1_ge secp256k1_ge_const_g; static const int CURVE_B; (Russell O'Connor)

Pull request description:

  static const secp256k1_ge secp256k1_ge_const_g;
  static const int CURVE_B;

Tree-SHA512: df8d34777d3b1b90eef875d50c2870e2480f08685b399a22eaf584ce294766e0de3a41523757a23e311e633886c89400313421282beca791326a06695f348940
2019-02-21 04:26:40 +00:00
Gregory Maxwell 1c131affd3
Merge #551: secp256k1_fe_sqrt: Verify that the arguments don't alias.
bf8b86c secp256k1_fe_sqrt: Verify that the arguments don't alias. (Russell O'Connor)

Pull request description:

Tree-SHA512: 4e9128625817be83a1259e7dbdb82c4be8ee0174af7d5e76eeac3245d23d6bf01378d9697dcb870eb61577afd7c0556cb3c6633e3b27504add14c10b18f7c607
2019-02-21 04:23:50 +00:00
Gregory Maxwell ba698f883b
Merge #539: Assorted minor corrections
52ab96f clean dependendies in field_*_impl.h (Russell O'Connor)
deff5ed Correct math typos in field_*.h (Russell O'Connor)
4efb3f8 Add check that restrict pointers don't alias with all parameters. (Russell O'Connor)

Pull request description:

  * add more checks for restrict pointers.
  * correct math typos.
  * refine dependencies on "num.h"

Tree-SHA512: c368f577927db2ace3e7f46850cb2fdf9d7d169b698a9697767e1f82e9e7091f2b2fea0f7cf173048eb4c1bb56824c884fa849c04c595ee97766c01f346a54ec
2019-02-21 04:20:35 +00:00
Gregory Maxwell 949e85b009
Merge #550: Optimize secp256k1_fe_normalize_weak calls.
9bd89c8 Optimize secp256k1_fe_normalize_weak calls. Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead. (Russell O'Connor)

Pull request description:

  Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.

Tree-SHA512: 7bbb1aca8e37a268a26d7061bd1f390db129e697792f1d5ddd10ea34927616edc26ef118b500c3e5e14d1d463196033ef64e4d34b765380325c24835458b7a9b
2019-02-21 04:14:40 +00:00
Tim Ruffing a34bcaadf1 Actually pass CFLAGS_FOR_BUILD and LDFLAGS_FOR_BUILD to linker 2019-02-10 11:58:52 +01:00
Tim Ruffing 2d5f4cebdc configure: Use CFLAGS_FOR_BUILD when checking native compiler
This fixes a bug where configure would fail or disable static
ecmult tables because it wrongly checks the native compiler using
the target CFLAGS (instead of the native CFLAGS_FOR_BUILD), and
similar for CPPFLAGS and LDFLAGS.

Moreover, this commit adds tests to figure out whether the native
compiler supports the warning flags passed during the build, and it
contains a few minor improvements to the code that checks the native
compiler.
2019-02-10 11:56:36 +01:00
Pieter Wuille b408c6a8b2
Merge #579: Use __GNUC_PREREQ for detecting __builtin_expect
c663397 Use __GNUC_PREREQ for detecting __builtin_expect (Tim Ruffing)

Pull request description:

Tree-SHA512: 659a721da835eb15966a2a5386d6ae4c3defbb6ad473905f14161a3cf36d1556d44d887602019c89ebeffdfd82ed469ff27914dc2aaee6648d1e0c8a22151c27
2019-02-04 14:33:03 -08:00
Tim Ruffing 6198375218 Make randomization of a non-signing context a noop
Before this commit secp256k1_context_randomize called illegal_callback
when called on a context not initialized for signing. This is not
documented. Moreover, it is not desirable because non-signing contexts
may use randomization in the future.

This commit makes secp256k1_context_randomize a noop in this case. This
is safe because the context cannot be used for signing anyway.

This fixes #573 and it fixes rust-bitcoin/rust-secp256k1#82.
2019-01-27 13:33:52 +01:00
Tim Ruffing c663397f46 Use __GNUC_PREREQ for detecting __builtin_expect 2018-12-17 11:47:25 +01:00
Pieter Wuille e34ceb333b
Merge #557: Eliminate scratch memory used when generating contexts
b3bf5f9 ecmult_impl: expand comment to explain how effective affine interacts with everything (Andrew Poelstra)
efa783f Store z-ratios in the 'x' coord they'll recover (Peter Dettman)
ffd3b34 add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points (Andrew Poelstra)
84740ac ecmult_impl: save one fe_inv_var (Andrew Poelstra)
4704527 ecmult_impl: eliminate scratch memory used when generating context (Andrew Poelstra)
7f7a2ed ecmult_gen_impl: eliminate scratch memory used when generating context (Andrew Poelstra)

Pull request description:

  Builds on #553

Tree-SHA512: 6031a601a4a476c1d21fc8db219383e7930434d2f199543c61aca0118412322dd814a0109c385ff1f83d16897170dd0c25051697b0f88f15234b0059b661af41
2018-11-26 09:14:58 -08:00
Andrew Poelstra b3bf5f99a3 ecmult_impl: expand comment to explain how effective affine interacts with everything 2018-11-10 14:01:13 +00:00
Peter Dettman efa783f8f0 Store z-ratios in the 'x' coord they'll recover 2018-11-10 13:14:43 +00:00
Andrew Poelstra ffd3b346fe add `secp256k1_ge_set_all_gej_var` test which deals with many infinite points 2018-11-09 00:20:53 +00:00
Andrew Poelstra 84740acd2a ecmult_impl: save one fe_inv_var 2018-11-09 00:20:53 +00:00
Andrew Poelstra 47045270fa ecmult_impl: eliminate scratch memory used when generating context 2018-11-09 00:20:51 +00:00
Andrew Poelstra 7f7a2ed3a8 ecmult_gen_impl: eliminate scratch memory used when generating context 2018-11-09 00:16:06 +00:00
Pieter Wuille 314a61d724
Merge #553: add static context object which has no capabilities
40fde61 prevent attempts to modify `secp256k1_context_no_precomp` (Andrew Poelstra)
ed7c084 add static context object which has no capabilities (Andrew Poelstra)

Pull request description:

Tree-SHA512: a843ed7ba00a00a46eec3146ce428d4b49eb440af766f44d731b1f51553d08de8cc9a0af5ed114d0dfdca6f4bf4a2ede4dbd6a37d6bd818b81630089424a0ba5
2018-11-05 18:25:56 -08:00
Phillip Mienk 89a20a8945 Correct order of libs returned on pkg-config --libs --static libsecp256k1 call. 2018-10-22 17:24:45 -07:00
Pieter Wuille 1086fda4c1
Merge #354: [ECDH API change] Support custom hash function
c8fbc3c [ECDH API change] Allow pass arbitrary data to hash function (Kirill Fomichev)
b00be65 [ECDH API change] Support custom hash function (Kirill Fomichev)

Pull request description:

  Solve #352

Tree-SHA512: f5985874d03e976cdb3d59036af7720636ad1488da40fd3bd7881b1fb71b05036a952013d519baa84c4ce4b558bdef25c4ce76b384b297e4d0aece9e37e78a01
2018-10-17 12:14:48 -07:00
Ben Woosley d3cb1f95eb
Make use of TAG_PUBKEY constants in secp256k1_eckey_pubkey_parse
This results in more self-documenting code.
2018-10-09 15:40:41 +09:00
Andrew Poelstra 40fde611bd prevent attempts to modify `secp256k1_context_no_precomp` 2018-10-04 15:16:38 +00:00
Andrew Poelstra ed7c08417a add static context object which has no capabilities 2018-10-04 15:16:34 +00:00
Russell O'Connor 496c5b43b8 Make constants static:
static const secp256k1_ge secp256k1_ge_const_g;
static const int CURVE_B;
2018-08-15 15:42:06 -04:00
Russell O'Connor bf8b86cc07 secp256k1_fe_sqrt: Verify that the arguments don't alias. 2018-08-14 18:21:13 -04:00
Russell O'Connor 9bd89c836b Optimize secp256k1_fe_normalize_weak calls.
Move secp256k1_fe_normalize_weak calls out of ECMULT_TABLE_GET_GE and ECMULT_TABLE_GET_GE_STORAGE and into secp256k1_ge_globalz_set_table_gej instead.
2018-08-12 23:47:38 -04:00
Russell O'Connor 52ab96fedb clean dependendies in field_*_impl.h 2018-07-06 08:40:35 -04:00
Russell O'Connor deff5edd42 Correct math typos in field_*.h 2018-07-06 08:40:35 -04:00
Russell O'Connor 4efb3f8dd1 Add check that restrict pointers don't alias with all parameters. 2018-07-06 08:40:34 -04:00
Pieter Wuille 1e6f1f5ad5
Merge #529: fix tests.c in the count == 0 case
95e99f1 fix tests.c in the count == 0 case (Andrew Poelstra)

Pull request description:

  Fixes #528

Tree-SHA512: 8b28d84f95bcd1337fbd7fb187dee2a9bad2b6b595eaf42a2d855e5784f48a1f3ad5739881b22eea115d32c4525feb69b41958699a165c847fcfb8096cc4903a
2018-05-31 12:00:47 -07:00
Kirill Fomichev c8fbc3c397 [ECDH API change] Allow pass arbitrary data to hash function 2018-05-17 00:38:58 +03:00
Kirill Fomichev b00be65056 [ECDH API change] Support custom hash function 2018-05-17 00:05:09 +03:00
Andrew Poelstra 95e99f196f fix tests.c in the count == 0 case 2018-04-10 19:32:04 +00:00
Pieter Wuille 452d8e4d2a
Merge #523: scratch: add stack frame support
6fe5043 scratch: add stack frame support (Andrew Poelstra)

Pull request description:

  Replaces the single-blob stack space ith one that internally manages multiple blobs, which are exposed to the user as "frames". Users allocate new blobs with `secp256k1_scratch_allocate_frame` and deallocate them with `secp256k1_scratch_deallocate_frame`. Then any calls to `secp256k1_scratch_alloc` use the frame at the top of the stack. This is guaranteed to succeed, assuming that the frame allocation succeeded and that the user is not requesting more memory than the frame was allocated with.

Tree-SHA512: 0b2072c5b9df8f3b40fb6d76e94fcfcc6a03a7da33e31249b5f24b02eb8a3311f282f6a4732153d6101968de8f9a568009a72735a1cc688a0f3040055799a09d
2018-04-05 16:35:27 -07:00
Andrew Poelstra 6fe50439ae scratch: add stack frame support 2018-04-05 22:49:29 +00:00
Pieter Wuille 9bc2e26502
Merge #522: parameterize ecmult_const over input size
7c1b91b parameterize ecmult_const over input size (Andrew Poelstra)

Pull request description:

Tree-SHA512: 0afd0c0156add54209e79c623d780559dfd85910ef0a0c476bcabd1074ad468d7983b7b6bb6e8bd3fe6e9b8bc703d78d09c3b99f8da990dfe004bbdc65496e66
2018-04-05 14:09:14 -07:00